Ticket 151 - strip leading '-' for mailcap sanitize

Kevin J. McCarthy kevin at 8t8.us
Fri Jun 21 21:42:31 UTC 2019

On Fri, Jun 21, 2019 at 02:09:53PM -0700, Kevin J. McCarthy wrote:
>The issue, though, is that the filename isn't always under the user's 
>control.  It has been a very long time without issue, but is there a 
>possibility of program argument abuse that could lead to a security 
>issue here?

Bah.  Thanks everyone for your feedback.  I did miss something: the 
output is sent through to mutt_rfc1524_expand_filename() -> 
mutt_adv_mktemp() which will create the file under $tmpdir.  Even if 
that is empty, the filename will start with "/".

I'll review all the use cases, but I think we're okay.

I don't think %t and %{} require special consideration but will think 
about them a bit more too.

Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-dev/attachments/20190621/6e645304/attachment.asc>

More information about the Mutt-dev mailing list